The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.

“Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways,” Rafael Scheel, the security consultant who publicly demonstrated the attack, told Ars. “Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.”